Configure audit clients for Workgroup

Contributors netapp-madkat

Perform this procedure for each Admin Node in a StorageGRID deployment from which you want to retrieve audit messages.

What you’ll need
  • You have the Passwords.txt file with the root/admin account password (available in the SAID package).

  • You have the Configuration.txt file (available in the SAID package).

About this task

Audit export through CIFS/Samba has been deprecated and will be removed in a future StorageGRID release.

Steps
  1. Log in to the primary Admin Node:

    1. Enter the following command: ssh admin@primary_Admin_Node_IP

    2. Enter the password listed in the Passwords.txt file.

    3. Enter the following command to switch to root: su -

    4. Enter the password listed in the Passwords.txt file.

      When you are logged in as root, the prompt changes from $ to #.

  2. Confirm that all services have a state of Running or Verified: storagegrid-status

    If all services are not Running or Verified, resolve issues before continuing.

  3. Return to the command line, press Ctrl+C.

  4. Start the CIFS configuration utility: config_cifs.rb

    ---------------------------------------------------------------------
    | Shares                 | Authentication         | Config          |
    ---------------------------------------------------------------------
    | add-audit-share        | set-authentication     | validate-config |
    | enable-disable-share   | set-netbios-name       | help            |
    | add-user-to-share      | join-domain            | exit            |
    | remove-user-from-share | add-password-server    |                 |
    | modify-group           | remove-password-server |                 |
    |                        | add-wins-server        |                 |
    |                        | remove-wins-server     |                 |
    ---------------------------------------------------------------------
  5. Set the authentication for the Windows Workgroup:

    If authentication has already been set, an advisory message appears. If authentication has already been set, go to the next step.

    1. Enter: set-authentication

    2. When prompted for Windows Workgroup or Active Directory installation, enter: workgroup

    3. When prompted, enter a name of the Workgroup: workgroup_name

    4. When prompted, create a meaningful NetBIOS name: netbios_name

      or

      Press Enter to use the Admin Node’s hostname as the NetBIOS name.

      The script restarts the Samba server and changes are applied. This should take less than one minute. After setting authentication, add an audit client.

    5. When prompted, press Enter.

      The CIFS configuration utility is displayed.

  6. Add an audit client:

    1. Enter: add-audit-share

      Note The share is automatically added as read-only.
    2. When prompted, add a user or group: user

    3. When prompted, enter the audit user name: audit_user_name

    4. When prompted, enter a password for the audit user: password

    5. When prompted, re-enter the same password to confirm it: password

    6. When prompted, press Enter.

      The CIFS configuration utility is displayed.

    Note There is no need to enter a directory. The audit directory name is predefined.
  7. If more than one user or group is permitted to access the audit share, add the additional users:

    1. Enter: add-user-to-share

      A numbered list of enabled shares is displayed.

    2. When prompted, enter the number of the audit-export share: share_number

    3. When prompted, add a user or group: user

      or group

    4. When prompted, enter the name of the audit user or group: audit_user or audit_group

    5. When prompted, press Enter.

      The CIFS configuration utility is displayed.

    6. Repeat these substeps for each additional user or group that has access to the audit share.

  8. Optionally, verify your configuration: validate-config

    The services are checked and displayed. You can safely ignore the following messages:

    Can't find include file /etc/samba/includes/cifs-interfaces.inc
    Can't find include file /etc/samba/includes/cifs-filesystem.inc
    Can't find include file /etc/samba/includes/cifs-custom-config.inc
    Can't find include file /etc/samba/includes/cifs-shares.inc
    rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
    1. When prompted, press Enter.

      The audit client configuration is displayed.

    2. When prompted, press Enter.

      The CIFS configuration utility is displayed.

  9. Close the CIFS configuration utility: exit

  10. Start the Samba service: service smbd start

  11. If the StorageGRID deployment is a single site, go to the next step.

    or

    Optionally, if the StorageGRID deployment includes Admin Nodes at other sites, enable these audit share as required:

    1. Remotely log in to a site’s Admin Node:

      1. Enter the following command: ssh admin@grid_node_IP

      2. Enter the password listed in the Passwords.txt file.

      3. Enter the following command to switch to root: su -

      4. Enter the password listed in the Passwords.txt file.

    2. Repeat the steps to configure the audit share for each additional Admin Node.

    3. Close the remote secure shell login to the remote Admin Node: exit

  12. Log out of the command shell: exit